Microsoft admits major vulnerability in Internet Explorer

By Sooraj Shah
28 Apr 2014

Microsoft is working swiftly to fix a major bug in its Internet Explorer browser that can enable hackers to gain access and user rights to a company or consumer PC.

In a blog post, security firm FireEye said it had identified a zero-day exploit in Internet Explorer that affects all versions of the browser from IE6 to IE11, with versions after IE9 most susceptible to the vulnerability.

Vulnerable versions of IE accounted for over a quarter (26.25 per cent) of the browser market in 2013, according to NetMarket Share, meaning that many consumers and businesses will be affected by the bug.

The company said that hackers are already using the exploit in an ongoing campaign which FireEye has codenamed 'Operation Clandestine Fox'.

Despite not being able to release a lot of information about the group behind the campaign as it is still being treated as an active investigation, FireEye said that they are "extremely proficient at lateral movement and are difficult to track as they typically do not reuse command and control infrastructure".

Microsoft said it was aware of the vulnerability and that it was investigating this further. The software giant said it would take the "appropriate action to protect its customers".

At the moment, it suggests customers should enable a firewall, apply all software updates and install anti-malware software.

But people who are still using the Windows XP operating system will not be able to receive a patch when it does become available, as Microsoft ended official support for the system earlier this month. This will leave them exposed to the vulnerability and at risk of being hacked. The government will receive a patch, as it signed a £5.5m deal to extend XP support for a further year.

Recent research from virtualisation and desktop management firm AppSense suggests that as much as 77 per cent of British businesses are running Windows XP in some capacity.

"These organisations could be impacted by further exploits to this vulnerability as malware creators take further advantage of this security hole, which will remain open [on Windows XP]," said Simon Townsend, chief technologist of Europe at AppSense.

Organisations still reliant on XP will be relieved that antivirus companies at least are continuing to update their software running on XP PCs until 2015.

Microsoft has advised all IE users to follow the 'suggested actions' section on its security bulletin, which can be found here.
